Hi,
Is there a way to encrypt the data file that mysql uses? I have a mysql server on an open machine, and I would like to encrypt the data file so even if someone copies the data files, they cannot read the data.
Thanks
Hi,
Is there a way to encrypt the data file that mysql uses? I have a mysql server on an open machine, and I would like to encrypt the data file so even if someone copies the data files, they cannot read the data.
Thanks
you could encrypt the data within mysql using the built in encryption functionality.
as for the files, any file solution should work fine.
You can use an encrypted filesystem, like the native one for NTFS on Windows or one of the various options for linux. In addition you can store the data encrypted.
MySQL doesn't support data file encryption natively. There are 3rd products out there such as:
http://www.vormetric.com/products/vormetric_database_encryption_expert.html
There's a 'white paper' on the topic here:
http://www.vormetric.com/documents/FINALPart2DatabaseEncryptionCoreGuardvsColumnLevelWhitePaper7.pdf
To be honest, if the database content has any commercial value or contains personal data about individuals, you should really control who has access to the datafiles (whether encrypted or not). In the UK, leaving such data files open to casual passers-by, would be a data protection no no.
Thanks for the replies. I really can't store the data encrypted, since I would loose the ability of querying the data correctly.
I am not sure what do you mean when you say that your machine is open. If people have access to the console, or to your account it is much harder of a task to encrypt the file.
Did you look at Truecrypt? It works for most popular operating systems and allows to create a virtual encrypted partition, lock down a hard drive partition,an external drive or a usb device.
Thank you all for your replies. When I say the machine is open, I mean anyone has "admin" access (it's a windows box). I think I'll have a look at TrueCrypt. I don't want to use a hosting service because of the additional cost.
By the way, I found a simple answer: since I'm on windows, I can use NTFS encryption for a mysql windows user, and then use that user to start the mysql service.
To anyone researching a transparent MySQL encryption solution for Linux, there's a relatively new product on the block that we've been working with: http://www.critotech.com/
I am not affiliated with Critotech... just a happy customer.